[deleted]
Comments
[deleted] OP t1_iwz747t wrote
[deleted]
[deleted] OP t1_iwz8du8 wrote
[deleted]
coconut_sorbet t1_iwzri9n wrote
+1000
dfloyo t1_ix05yfg wrote
This is the most likely scenario. Reusing credentials could also be a part of the problem. If you use the same login and password on two sites and one of them is compromised attackers will figure out where else they can use your credentials.
halfghan24 t1_ix08h19 wrote
Maybe they should use some of their “encryption software” they told one of their managers they used to monitor her social media to get to the bottom of this!
It’s not a coincidence that their socials and marketing took a nose dive after losing their social media manager (one of seven managers they’ve lost in less than a year)
KDRadio1 t1_ix13ff2 wrote
The plot thickens…
predicktable_x t1_iwzt816 wrote
Or everyone should just stop using Facebook since they will likely not help out.
jodyhighrola t1_iwzx3it wrote
This is the way
Ditovontease t1_iwzikql wrote
Apparently this has been happening to random local business pages everywhere... guess fb had a security breach again?
CptJaxxParrow t1_ix0d73p wrote
Happened to me. They use business pages to run phishing ads. They add themselves as an admin on the business page and start running their ads. In order to make sure the actual owner cant put a stop to it, they take over the admin page and post porn or child exploitation images to have the algorithm lock them out.
I got mine back after 4 months and am still fighting the $11000 ad bill they rung up
drewvolution t1_ix18b4i wrote
That Zucks
OnARedditDiet t1_ix10e0u wrote
It's unlikely a security breach, more likely got phished or just a bad password
Enable 2fa yall
borari t1_ix16qdb wrote
That's 100% a security breach. A security breach isn't just Cobalt Strike implants beaconing out from your systems, it includes stuff like social media account takeovers, business email compromise, etc. Any respectable SOC or IR team will have a playbook for this type of situation. It's not any sort of data exfiltration where people's PII is at risk, which is what I think you may have been trying to get at.
OnARedditDiet t1_ix18vl8 wrote
It's a breach of whoever's account not of Facebook.
You're not activating facebooks SOC because 1 (non-paying) customer was phished.
Edit: I would assume Byrd theater does not have a full time IT employee or a MDR contract.
borari t1_ix1d6of wrote
Nobody said anything about Facebook getting hacked, or Facebook's IR team. I was just saying that an arbitrary company with a respectable SOC/IR team would have a playbook for dealing with social media account compromise in addition to their playbooks for ransomware, c2 beaconing alerts etc., because a compromised social media account is a compromised business asset, which is a security breach.
OnARedditDiet t1_ix1dswb wrote
Nobody said facebook had a breach except the comment I was replying to...
I understand your point but the only thing I'm saying is that it's unlikely that this one page was impacted by a facebook security breach (if there was one).
borari t1_ix1e2c9 wrote
Ah. I'm a complete idiot. I was over here thinking "of course The Byrd suffered a security breach, what else would this be?". Ignore me.
nartarf t1_iwzk3oc wrote
It’s the workers who were paid shit to admin the pages trying to get their moneys worth.
lunar_unit t1_iwz4lwf wrote
[deleted] OP t1_iwz7cyw wrote
[deleted]
lunar_unit t1_iwz86x8 wrote
I'm in agreement with you. I added links for more context for other readers, and so those without Facebook can see what's going on.
anonyngineer t1_iwzj2n9 wrote
Done.
Relentless_Snappy t1_ix2m6qu wrote
Meh
lostspyder t1_ix17akp wrote
The best way is to delete your own Facebook account. That way you're helping out Byrd Theater and everything!
Glen_YngkinDid_9-11 t1_iwzxwdb wrote
Don’t snitch it’s funny
DocMeow3 t1_iwz5gko wrote
Reported. But it’s also kind of funny 😅